It's a bit odd to ask how a DNS server that functionally provides access is meant to be used to deny access. By simply not allowing it to resolve at all it in effect blocks access. If you are using a Linux machine for DNS resolution you may be able to get away with dynamically adjusting the DNS settings by doing a cronjob of deleting the means of resolving particular websites at certain times and re-adding them at the times you like. I am sure this can be done with Windows too, but I am not very strong in task scheduling and manipulation of timed program execution in Windows.
–
Stephen R, Jul 12 '12 at 16:58

3 Answers
3

I think what you are looking for is proxy software that will allow you to deny/allow HTTP requests. Squid should work for you. Please note that setting up the config file isn't exactly trivial. However, I did find a post that might be relevant to your specific problem.

As Hennes alludes to, DNS only services name resolutions (transforms www.google.com to 173.194.74.139).

Plus, a user can always use an alternate DNS server. And if you're blocking outbound DNS requests from everything except your DNS server, the user can always tunnel the DNS requests through a proxy.
–
Darth Android, Jul 12 '12 at 14:25

… or the client could just use the IP address instead.
–
slhck♦, Jul 12 '12 at 15:01

I know it can't block access (the US government doesn't know that, but I do!). I just thought that it would work well to keep a non-technical user from gaining access at certain times of the day. Okay, so I should be using a proxy instead... :-p
–
leeand00, Jul 12 '12 at 18:31

It should work for non-technical persons. But if a person can google then he or she will discover how extremely easy it is to avoid it. And once one person knows, it will spread. Then there is the caching part, which might mess things up. And thirdly, a proxy can do many useful things. Not just block stuff, but also do what it was originally written for: speed things up and lower bandwidth. Sadly I never saw it used for the latter two reasons.
–
Hennes, Jul 12 '12 at 19:56

A solution can be to use your own webserver that runs a script to check the time: if it's within the time range, forward the request to the actual server; if it's not, return stuff like 403 or 503. Then use DNS to hijack the actual site.
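
The time-checking web server described in the answer above could look like the following; this is an added example, not code from the original answer. The blocked window, the upstream address (a documentation placeholder) and all function names are assumptions, and it handles plain HTTP GET only.

```python
from datetime import datetime, time
from http.server import BaseHTTPRequestHandler, HTTPServer
import http.client

# Assumed values for illustration only.
BLOCK_START = time(22, 0)   # blocked from 22:00 ...
BLOCK_END = time(7, 0)      # ... until 07:00 the next morning
UPSTREAM_IP = "192.0.2.10"  # placeholder (TEST-NET-1) for the real server's IP


def is_blocked(now, start=BLOCK_START, end=BLOCK_END):
    """True if `now` is in [start, end); handles windows that wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def decide(now):
    """Status the gate answers with itself, or None to forward the request."""
    return 503 if is_blocked(now) else None


class Gate(BaseHTTPRequestHandler):
    # Plain HTTP only: the gate holds no certificate for the gated site,
    # so HTTPS clients see a certificate error rather than this response.
    def do_GET(self):
        status = decide(datetime.now().time())
        if status:
            self.send_response(status)
            self.send_header("Retry-After", "3600")
            self.end_headers()
            self.wfile.write(b"Site unavailable at this time of day.\n")
            return
        # Forward by IP and keep the original Host header; resolving the name
        # here would loop back to this gate through the overridden DNS record.
        conn = http.client.HTTPConnection(UPSTREAM_IP, 80, timeout=10)
        conn.request("GET", self.path, headers={"Host": self.headers.get("Host", "")})
        resp = conn.getresponse()
        body = resp.read()
        self.send_response(resp.status)
        for name, value in resp.getheaders():
            if name.lower() not in ("transfer-encoding", "connection", "content-length"):
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
        conn.close()


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Gate).serve_forever()  # port 80 in real use
```

As the comments above point out, a client that uses another resolver or the site's IP address never reaches this gate, so it only constrains users who go through the local DNS server.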